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Remarks 

Claims 1, 3-18, 20-29 and 31-33 are currently pending in the subject application and are 
presently under consideration. Claims 1, 20, 28 and 33 have been amended as shown on pp. 2-6 
of this Reply. 

Favorable reconsideration of the subject patent application is respectfully requested in 
view of the comments and amendments herein. 

I. Rejection of Claim 20 Under 35 U.S.C. §112, second paragraph 

In the Final Office Action dated January 20, 2006, claim 20 stands rejected under 35 
U.S.C. §112, second paragraph as being indefinite for failing to particularly point out and 
distinctly claim the subject matter which applicant regards as the invention. Claim 20 has been 
amended to provide sufficient antecedent basis, as such the rejection is moot and should be 
withdrawn. 

H. Rejection of Claims 1» 3-12, 17, 18. 20. 23, 27. 28, 29 and 33 Under 35 U.S.C. S103(a> 
In the Final Office Action dated January 20, 2006, claims 1, 3-12, 17, 18, 20, 23, 27, 28, 
29 and 33 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Lee et al ("A 
secure electronic software distribution (ESD) protocol based on PKC M by Lee et al , EC- Web 
2000, LNCS 1875, pp. 63-71, 2000) in view of Goldstone (U.S. Pub. No. 2003/0142364 Al). It 
is respectfully submitted that this rejection should be withdrawn for the following reasons. Lee 
et al and Goldstone, individually or in combination, do not teach or suggest each and every 
element set forth in the subject claims. 

To reject claims in an application under §103, an examiner must show an 
unrebutted prima facie case of obviousness. A prima facie case of 
obviousness is established by a showing of three basic criteria. First, 
there must be some suggestion or motivation, either in the references . 
themselves or in the knowledge generally available to one of ordinary 
skill in the art, to modify the reference or to combine reference 
teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach 
or suggest all the claim limitations. See MPEP §706.02(j). The teaching 
or suggestion to make the claimed combination and the reasonable 
expectation of success must both be found in the prior ait and not based 
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on applicants' disclosure. See In re Vaeck, 947 F.2d 488, 20 USPQ2d 
1438 (Fed. Cir. 1991). 

The claimed invention relates to a system and methodology to facilitate secure network 
communications between remote network entities or parties to a transaction. This is achieved by 
providing a strong set of security credentials between a master entity such as a service and a 
remote entity such as a partner. In conjunction with the strong set of security credentials, a 
protocol is provided that acts as a package, wrapper or container to house the security credentials 
before delivery from the service to the partner to facilitate secure communications between the 
parties. 

More particularly, independent claim 1 (and similarly independent claims 18, 27, 28 and 
33) recite similar limitations, namely: a system and method for facilitating a computer a security 
connection between entities, comprising a wrapper that packages credentials associated with 
resources of a service; and a pass-phrase employed in connection with generation of the 
wrapper via a cryptographic wrapping key, the pass-phrase employed to facilitate access to the 
credentials, the credentials employed to facilitate access to the resources of the service, and the 
pass-phrase distributed separately from the credentials. Lee et al and Goldstone, individually 
or in combination, fail to teach or suggest such aspects of the claimed invention. 

Lee et al discloses a secure electronic software distribution (BSD) protocol based on 
public key cryptography (PKC). When a customer completes a software purchase, a merchant 
server sends an electronic license to the customer via email. When a customer executes an 
installation program, the program first connects to the authentication agent using a loopback 
address and predefined port. The authentication agent decrypts using the merchant server's 
public key and sends the message to the installation program. The installation program then 
extracts the message, authenticates it and generates a timestamp. (See pages 67-68). However, 
Lee et al. does not disclose or suggest utilizing a pass-phrase to generate a wrapper. Applicants' 
pass-phrase generates and unlocks the wrapper and is also distributed to the user separately from 
the credentials. 

Goldstone does not make up for the aforementioned deficiencies of Lee et al with 
respect to independent claims 1, 18, 27, 28 and 33 (which claims 3-12, 17, 20, 23 and 29 
respectively depend there from). Goldstone discloses a communication system that allows an e- 
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mail message recipient to simultaneously retrieve encrypted e-mail messages and convert them 
into a format so they can be displayed readily by or on various types of devices. According to 
the system, an e-mail message recipient is notified of receipt of an e-mail message and an 
indication of whether the e-mail message is encrypted. The recipient of the e-mail message then 
has the choice of either downloading the e-mail message on a secure machine at a later time or 
opening the e-mail message immediately by providing the system with the appropriate 
decryption key. (See pg, 2, paragraphs [0015] and [0017]). Accordingly, Goldstone does not 
disclose or suggest utilizing a pass-phrase to generate a wrapper. 

As stated above, teachings of references can be combined only if there is some suggestion 
or incentive to do so. Here, neither the nature of the problem to be solved, the teachings in the 
cited art, nor the knowledge of persons of ordinary skill provide sufficient suggestion or 
motivation to combine the references. Instead, the Office Action relies on improper hindsight in 
reaching his obviousness determination. Lee et al and Goldstone cannot be combined to make 
the claimed invention obvious because there is not proper suggestion or motivation to combine 
the references' teachings to create the subject matter recited in independent claims 1,18, 27, 28 
and 33. 

Lee et al is directed to a secure ESD protocol that provides a secure software installation 
and illegal copy protection scheme based on public key cryptography (PKC); while Goldstone is 
directed to a communication system that allows for the retrieval of encrypted messages through 
different types of media. Specifically, Goldstone is concerned with accessing encrypted e-mails 
through different types of media, such as wireless phones, pagers, PDA's, etc. Goldstone states 
that most current handsets do not have the computational power to decrypt e-mail messages 
encoded using PKC. (See pg, 2 7 paragraph [0012]). Thus, one of ordinary skill in the art who is 
utilizing the secure ESD protocol based on PKC of Lee, would not look to the encrypted e-mails 
accessed via handsets of Goldstone because handsets would not have the computational power to 
decrypt e-mail messages encoded using PKC. Accordingly, neither Lee et al nor Goldstone 
provide any motivation to modify the secure ESD protocol of Lee et al as suggested in the 
present Office Action. Thus, the contention that separately distributing the pass-phrase from the 
credentials would have been obvious in view of the teachings of Lee et al and Goldstone 
constitutes nothing more than hindsight speculation. 
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Moreover, the combination of Lee et al and Goldstone does not teach the claimed 
invention. Applicants' system for processing credentials utilizes a pass-phrase to not only 
decrypt and access the credential but also to secure the credentials in a wrapper. Specifically, 
the pass-phrase is employed to generate a cryptographic wrapping key (e.g., standard API 
CryptDeriveKey function). With a given pass-phiase, for example, the resulting wrapping key is 
generally the same. The wrapping key is then employed to cryptographically wrap or insulate 
the credentials in the wrapper or package (e.g., standard API CryptExportKey function). It is 
noted after the set of credentials have been placed into the wrapper, that generally only an entity 
that has the pass-phrase can retrieve the credentials. (See pg. 7, line 29-pg. 8, line 6). 
Accordingly, the combination of Lee et al and Goldstone, Le., the addition of a separately 
distributed password, does not render the presently claimed invention obvious. 

In view of the aforementioned deficiencies of Lee et al and Goldstone, and because the 
requisite teaching or suggestion to combine the elements in the manner suggested is absent from 
the cited references, it is respectfully submitted that this rejection be withdrawn with respect to 
independent claims 1,18, 27, 28 and 33 (which claims 3-12, 17, 20, 23 and 29 depend 
respectively there from). 

HI. Rejection of Claims 13-16, 21, 22, 31 and 32 Under 35 U.S.C. S103( a) 

In the Final Office Action dated January 20, 2006, claims 13-16, 21, 22, 31 and 32 stand 
rejected under 35 U.S.C. §103(a) as being unpatentable over Lee et al, in view of Goldstone, 
and further in view of Brainaid ("SecurSight: An overview for secure information access" by 
John G. Brainard, RS A Laboratories). It is respectfully submitted that this rejection should be 
withdrawn for the following reasons. Lee et al, Goldstone and Brainard, individually or in 
combination, do not teach or suggest each and every element set forth in the subject claims. In 
particular, Brainard does not make up for the aforementioned deficiencies of Lee et al and 
Goldstone with respect to independent claims 1 , 1 8 and 3 1 (which claims 13-16, 21 , 22 and 32 
depend from). Specifically, Brainard does not provide a pass-phrase to not only decrypt and 
access the credentials, but also to secure the credentials in a wrapper. Thus, the subject invention 
as recited in claims 1 3-1 6, 21, 22, 31 and 32 is not obvious over the combination of Lee ei al, 
Goldstone and Brainard, and withdrawal of this rejection is requested. 
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IV. Rejection of Claims 24 and 25 Under 35 U.S-C $103<V> 

In the Final Office Action dated January 20, 2006, claims 24 and 25 stand rejected under 
35 U.S.C. § 103(a) as being unpatentable over Lee et al, in view of Goldstone, and further in 
view of Chatani et al (U.S. Pub. No. 2002/0104019 Al). It is respectfully submitted that this 
rejection should be withdrawn for the following reasons. Lee et al., Goldstone and Chatani et 
al , individually or in combination, do not teach or suggest each and every element set forth in 
the subject claims. In particular, Chatani et al does not make up for the aforementioned 
deficiencies of Lee et al and Goldstone with respect to independent claim 1 8 (which claims 24 
and 25 depend from). Thus, the subject invention as recited in claims 24 and 25 is not obvious 
over the combination of Lee et al , Goldstone and Chatani et al, and withdrawal of this rejection 
is requested. 



The present application is believed to be in condition for allowance in view of the above 
comments and amendments. A prompt action to such end is earnestly solicited. 

In the event any fees are due in connection with this document, the Commissioner is 
authorized to charge those fees to Deposit Account No. 50-1063 [MSFTP319US], 

Should the Examiner believe a telephone interview would be helpful to expedite 
favorable prosecution, the Examiner is invited to contact applicants' undersigned representative 
at the telephone number below. 



AMIN & TUROCY, LLP 

24 th Floor, National City Center 
1900 E. 9 th Street 
Cleveland, Ohio 44114 
Telephone (216) 696-8730 
Facsimile (216) 696-8731 
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Respectfully submitted, 

AMIN & TUROCY, LLP 




Himanshu S. Amin 
Reg. No. 40,894 



